Enabling secure mobility in the public sector

David Critchley, Regional Director, UK&I, MobileIron, highlights the importance of enabling secure mobility after a Freedom of Information (FoI) request revealed how many mobile and laptop devices had been lost by staff from nine ministerial departments in 2018

Mobility continues to play an increasingly important role for government departments everywhere. Enabling secure mobility is one of the best ways government departments can deliver the benefits of modern work to both their employees and the citizens they serve. Simply enabling email is no longer sufficient to meet the demands of the mobile workforce; full productivity depends on real-time access to applications and files and the ability to share data or collaborate anywhere at any time.

To empower the mobile workforce, government departments are moving towards mobile computing and telework, which helps them to shift work to the optimal location, time and resource. As workplace mobility increases, many government employees are now using mobile devices such as smartphones and tablets to complete their work. But while an empowered mobile workforce hosts a number of benefits for government employees, they do not come without an increased security risk.

The Freedom of Information (FoI) request revealed that over 500 devices were lost and only 10% of these devices were ever recovered. This is a stark reminder that cybersecurity needs to be top of mind for government departments that are rolling out a mobile strategy.

Benefits of a mobile workforce

Mobile devices enable all types of mobile workers, including police officers, social workers and probation officers, access to applications seamlessly as well as improve response time and reporting from the field. Mobile devices allow government officials to work outside of the office, enabling them to access data anywhere, and at any time. All of this increases employee productivity which results in much-needed cost savings for government departments. 

Bring Your Own Device (BYOD)

For many government departments, the best way to maximise both the productivity and efficiency of its mobile workers, while simultaneously minimising cost, will be through implementing a bring-your-own-device (BYOD) policy. The global Bring Your Own Device market has grown massively in recent years, and it is not expected to slow down any time soon, with it being estimated to grow to as much £262,696 billion by 2022. This is compared to just £53.6 billion in 2012. The main drivers behind this growth are the savings BYOD can offer in terms of both of productivity, and capital expenditure.

For instance, it is estimated that BYOD can save enterprises an average of £1,072 in IT expenditure per employee; while simultaneously saving the average employee 81 minutes in productivity per week. At a time where government budgets are shrinking, these savings should delight departments and be embraced.

There is no reason why government workers can’t reap the rewards of BYOD, but in order for them to do so, they must ensure that employee devices can securely access government data and applications while preserving personal content and maintaining employee privacy. As our FoI proves, there is a very real threat that unsecured devices pose if they are lost. It is impossible to prevent staff from losing devices after all these mistakes do happen, but it is possible to mitigate the threat lost devices pose.

Securing government devices

Whether government departments decide to implement BYOD or not, there is no doubt that the mobile worker has a whole range of new devices at their disposal. Long gone are the days of government personnel depending solely on their Blackberry for mobile working. As employees leverage an ever-increasing number of applications to access their departmental data, with the average enterprise using up to almost 1,000 cloud-based applications, the security risk also increases. Security must, therefore, be at the forefront of each and every government departments’ mobile strategy, and this means it’s time to forget trust, and time to deploy a zero-trust architecture.

Zero-trust is a security concept based on the belief that organisations should not automatically trust anything, both inside and outside of its perimeters. It assumes that everything trying to connect to an organization’s network has been compromised, and thus must be verified. It is a direct consequence of the unmanaged, post-perimeter, modern working environment. For government departments, this not only means the devices that employees are using, but also the applications they are using.

The challenge for departments will be in how to establish trust in this zero-trust environment, and this will be different for each department, as the applications and workflows for each will differ.